Correct NAT for IMAP Client

Hi community,

Currently I am running out of ideas on how to correctly NAT internally connected IMAP clients to our internal mail server.

Following setup:

- IMAP client account configured with mail.domain.de over port 993
- Masquerading: Internal (Network) -> External
- DNAT: Internet IPv4 -> IMAP SSL -> External (Address) --> internal IP mailserver (mail.internal.local)
- I made sure nothing of the IMAP traffic gets blocked by the firewall
- WLAN internal bridged to AP LAN

Behaviour:

- IMAP connection works if the client connects from outside the internal network (e.g. WLAN at home)
- IMAP connection does NOT work if the client is connected via internal WLAN

tcpdump:

- running a tcpdump shows that the client establishes a connection to mail.domain.de but gets answers from mail.internal.local

So I tried to set up SNAT to change the answer from mail.internal.local to mail.domain.de and a DNAT to change the destination of internal requests from mail.domain.de to mail.internal.local.

tcpdump again:

- now it showed requests and answers to and from mail.domain.de

But still, the internally connected IMAP client can't connect to the mail server over 993.

Maybe someone is able to enlighten me here. :)
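The asymmetric reply seen in the tcpdump above is the classic hairpin-NAT (NAT reflection) problem: the DNAT sends the internal client's packets to the mail server, but the server answers the client directly on the LAN from its own address, so the answer never passes the firewall and is never translated back. The following is an added example, not part of the original post; it is a small Python model of the connection tracking involved, with constructed addresses (203.0.113.10 as the external address, 192.168.1.0/24 as the LAN), showing why a DNAT alone fails and why an additional SNAT of the client's source to the firewall's LAN address fixes it.

```python
"""Model of hairpin NAT for the IMAP/993 case (addresses are constructed)."""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"    # firewall's External (Address), constructed
FW_LAN_IP = "192.168.1.1"     # firewall's internal interface, constructed
MAIL_LAN_IP = "192.168.1.25"  # mail.internal.local, constructed
IMAPS = 993


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int


def firewall_forward(pkt, hairpin_snat):
    """Client -> server path: DNAT public:993 to the mail server. With
    hairpin_snat, LAN sources are also rewritten to the firewall's LAN
    address so the server must answer via the firewall. Returns the
    translated packet plus the conntrack entry (original, translated)."""
    out = replace(pkt, dst=MAIL_LAN_IP)
    if hairpin_snat and pkt.src.startswith("192.168.1."):
        out = replace(out, src=FW_LAN_IP, sport=40000)
    return out, (pkt, out)


def server_reply(pkt):
    # the mail server simply swaps the addresses and ports it saw
    return Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def deliver(reply, entry, client):
    """Reply path: only a reply addressed to the firewall is un-NATed using
    the conntrack entry; a reply addressed to a LAN host goes there directly
    and keeps the server's real address as its source."""
    orig, translated = entry
    if reply.dst in (FW_LAN_IP, PUBLIC_IP):
        reply = Pkt(orig.dst, orig.dport, orig.src, orig.sport)
    # the client only accepts answers from the address:port it connected to
    accepted = reply.src == client.dst and reply.sport == client.dport
    return reply, accepted


def run(hairpin_snat):
    """Simulate one internal client connecting to the public IMAPS address;
    returns (source address the client sees in the reply, accepted?)."""
    client = Pkt("192.168.1.50", 51000, PUBLIC_IP, IMAPS)
    fwd, entry = firewall_forward(client, hairpin_snat)
    reply, accepted = deliver(server_reply(fwd), entry, client)
    return reply.src, accepted
```

On a real firewall the equivalent is a postrouting SNAT/masquerade rule matching LAN-sourced traffic destined to the mail server on port 993, in addition to the existing DNAT.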